package com.base.vistter.iframe.inverter.config;

import com.base.vistter.iframe.properties.IframeProperties;
import com.base.vistter.iframe.security.filter.JwtAuthenticationFilter;
import com.base.vistter.iframe.security.handler.IframeAccessDeniedHandler;
import com.base.vistter.iframe.security.handler.IframeAuthenticationEntryPoint;
import com.base.vistter.iframe.utils.SpringUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Slf4j
@Configuration //配置类
public class WebSecurityConfig {

    @Autowired
    private AuthenticationProvider authenticationProvider;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        //授权配置
        http.authorizeHttpRequests(authorizeRequests -> {
                    authorizeRequests.requestMatchers("/captcha", "/sys/project/**", "/login", "/buffer", "/data/sheet/**", "/version/latest", "/version/download").permitAll()
                            .anyRequest().authenticated();
                }
        );

        //禁用登录页面
        http.formLogin(AbstractHttpConfigurer::disable);
        http.authenticationProvider(authenticationProvider);

        //禁用登出页面
        http.logout(AbstractHttpConfigurer::disable);
        //禁用session
        http.sessionManagement(AbstractHttpConfigurer::disable);
        //禁用httpBasic
        http.httpBasic(AbstractHttpConfigurer::disable);

        AuthenticationManager authenticationManager = (AuthenticationManager) SpringUtils.getBean("authenticationManager");
        IframeProperties iframeProperties = (IframeProperties) SpringUtils.getBean("iframeProperties");
        http.addFilterBefore(new JwtAuthenticationFilter(authenticationManager, iframeProperties), UsernamePasswordAuthenticationFilter.class);

        //请求未认证的处理
        http.exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.authenticationEntryPoint(new IframeAuthenticationEntryPoint()).accessDeniedHandler(new IframeAccessDeniedHandler());
        });

        /*  http.formLogin(httpSecurityFormLoginConfigurer -> {
            httpSecurityFormLoginConfigurer.loginProcessingUrl("/wifi/login");
        });*/
        /*//登录配置
        http.formLogin(formLoginConfigurer -> {
            formLoginConfigurer.permitAll()
                    //登录成功处理
                    .successHandler(new IframeAuthenticationSuccessHandler())
                    //登录失败处理
                    .failureHandler(new IframeAuthenticationFailureHandler());
        });*/

        //退出配置
        /*



        //现在最多登录用户
        http.sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.maximumSessions(1).expiredSessionStrategy(new IframeSessionInfomationExpiredStrategy());
        });
         */

        //跨域处理
//        http.cors(Customizer.withDefaults());
        //关闭csrf攻击
        http.csrf(AbstractHttpConfigurer::disable);
        return http.build();

    }
}
